Especially alarming news from the latest SANS NewsBites

* They're *always* alarming, but check out the mayhem here. Normally I quote a few bits and pieces from SANS, but gee whiz. Look at the scope of these troubles.

* Everyone who uses a computer should subscribe to this email list. It alarms me that SANS is so little-known.

**************************************************************************
SANS NewsBites Oct. 4, 2013 Vol. 15, Num. 079
**************************************************************************
TOP OF THE NEWS
FBI Seizes Silk Road Underground Black Market Website
Bitcoin Value Drops After Silk Road Seizure
Proposed Legislation Would Reform Foreign Intelligence Surveillance Court
NSA Admits to Cellphone Location Data Gathering Pilot
THE REST OF THE WEEK'S NEWS
LinkedIn Fixes Issues that Allowed Cross-Site Scripting
Chrome Updated to Version 30
Microsoft's Patch Tuesday Will Include Fix for Actively Exploited IE Flaw
Attackers Steal Adobe Product Source Code and Access Customer Data
German Man Arrested for Attack on State Website
US Justice Dept. Asks FISC Not to Allow Tech Companies to Divulge
Data Request Details
Huffington Post Highlights Cyber Talent
US Government Demanded Lavabit Encryption Keys, According to
Unsealed Documents
DHS to Expand Community College Cybersecurity Internship Program

(...)

TOP OF THE NEWS
–FBI Seizes Silk Road Underground Black Market Website
(October 2 & 3, 2013)
US law enforcement officials have taken down Silk Road, an underground
black market forum known for distributing illegal drugs and offering
hacking services for hire and hacking products for sale. Silk Road,
which was reachable only through the Tor network, conducted transactions
exclusively in Bitcoins. The operation included the arrest of Silk
Road's operator Ross William Ulbricht. Ulbricht is being charged with
narcotics trafficking conspiracy, computer hacking conspiracy, and money
laundering conspiracy.
http://www.scmagazine.com/fbi-brings-down-silk-road-underground-market/article/314691/
http://krebsonsecurity.com/2013/10/feds-take-down-online-fraud-bazaar-silk-road-arrest-alleged-mastermind/
https://www.wired.com/threatlevel/2013/10/silk-road-raided/
Text of Complaint:
http://media.scmagazine.com/documents/54/ulbrichtcriminalcomplaint_13437.pdf

–Bitcoin Value Drops After Silk Road Seizure
(October 3, 2013)
The value of Bitcoin has dropped in the wake of the FBI's seizure of the
Silk Road website, which included US $3.6 million in bitcoins. One
possible explanation is investors were shying away from the virtual
currency because of its association with the underground site known for
its shady dealings. The FBI was able to seize the bitcoins by obtaining
their encryption keys from confiscated computer equipment.
http://www.bbc.co.uk/news/technology-24381847
http://www.washingtonpost.com/business/economy/bitcoin-industry-reeling-as-authorities-shut-down-silk-road-online-marketplace/2013/10/02/961b105a-2ba1-11e3-97a3-ff2758228523_story.html

–NSA Admits to Cellphone Location Data Gathering Pilot
(October 2 & 3, 2013)
The NSA has acknowledged that in 2010, it initiated a test project to
collect wholesale cellphone location data on regular citizens, but ended
the program in 2011 because it did not provide "operational value." NSA
director General Keith Alexander said on Wednesday, October 2, that
sample cellphone location data were collected "to test the ability of
[the NSA's] systems to handle the data format, but that data was not
used for any other purpose." Alexander had evaded answering a question
about the subject last week in a hearing. Senator Ron Wyden (D-Oregon)
suggested that there is still "significant information" that has not
been disclosed.
http://www.washingtonpost.com/world/national-security/nsa-had-test-project-to-collect-data-on-americans-cellphone-locations-director-says/2013/10/02/65076278-2b71-11e3-8ade-a1f23cda135e_story.html
http://www.theregister.co.uk/2013/10/03/nsa_admits_tracking_us_cellphones/

(...)

–Attackers Steal Adobe Product Source Code and Access Customer Data
(October 3, 2013)
Hackers broke into Adobe's network where they stole source code for a
number of products, including Acrobat, ColdFusion, and ColdFusion
Builder. They also accessed customer data, including account login
credentials and nearly three million payment card records. The stolen
data were stored on the same server used by the criminals who stole data
from LexisNexis, Kroll, and Dun & Bradstreet. Adobe believes the
attackers accessed the source code repository in mid-August.
http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
http://news.cnet.com/8301-1009_3-57605962-83/adobe-hacked-3-million-accounts-compromised/
http://arstechnica.com/security/2013/10/adobe-source-code-and-customer-data-stolen-in-sustained-network-hack/
http://www.bankinfosecurity.com/adobe-breach-affects-29-million-a-6122
Adobe Announcements:
Illegal Access to Adobe Source Code:
http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html
Customer Security Announcement:
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Internet Storm Center:
https://isc.sans.edu/forums/diary/The+Adobe+Breach+FAQ/16727

(...)

–US Government Demanded Lavabit Encryption Keys, According to Unsealed
Documents
(October 2 & 3, 2013)
Recently unsealed documents in a court case regarding secure email
provider Lavabit's appeal of a US government demand for information show
that the government had ordered Lavabit to provide it with its SSL keys.
The order reads, in part, "The court determines that there is reason to
believe that notification of the existence of this order will seriously
jeopardize the ongoing investigation." Levison says he suggested logging
Snowden's communications, decrypting them and uploading them to a
government server on a daily basis. But the government wanted the
private SSL certificate used to encrypt all Lavabit traffic. He
initially provided the encryption keys in hardcopy format, printed out
as strings of numbers. When he was found to be in contempt of court for
this action, being fined US $5,000 a day, he eventually relented and
provided the government with the electronic keys but then immediately
shut down his business.
http://arstechnica.com/tech-policy/2013/10/lavabit-defied-order-for-snowdens-login-info-then-govt-asked-for-sites-ssl-key/
http://www.computerworld.com/s/article/9242930/US_demanded_access_to_encryption_keys_of_email_provider_Lavabit?taxonomyId=17
https://www.wired.com/threatlevel/2013/10/lavabit_unsealed/
http://www.zdnet.com/unsealed-docs-show-what-really-happened-with-lavabit-7000021489/
http://www.theregister.co.uk/2013/10/03/lavabit_snowden_investigation_details/
Pleadings Exhibits (Redacted):
https://www.documentcloud.org/documents/801182-redacted-pleadings-exhibits-1-23.html

(...)

************************************************************************
The Editorial Board of SANS NewsBites

John Pescatore was Vice President at Gartner Inc. for fourteen years.
He became a director of the SANS Institute in 2013. He has worked in
computer and network security since 1978 including time at the NSA and
the U.S. Secret Service.

Shawn Henry recently retired as FBI Executive Assistant Director
responsible for all criminal and cyber programs and investigations
worldwide, as well as international operations and the FBI's critical
incident response. He is now president of CrowdStrike Services.

Stephen Northcutt teaches advanced courses in cyber security management;
he founded the GIAC certification and was the founding President of STI,
the premier skills-based cyber security graduate school, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of
cyber ranges, simulations, and competitive challenges, now used from
high schools to the Air Force. He is also author and lead instructor of
the SANS Hacker Exploits and Incident Handling course, and Penetration
Testing course.

Michael Assante was Vice President and Chief Security Officer at NERC,
led a key control systems group at Idaho National Labs, and was American
Electric Power's CSO. He now leads the global cyber skills development
program at SANS for power, oil & gas and other critical infrastructure
industries.

Mark Weatherford is a Principal at The Chertoff Group and the former Deputy
Under Secretary of Cybersecurity at the US Department of Homeland Security.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Sean McBride is Director of Analysis and co-founder of Critical
Intelligence, and, while at Idaho National Laboratory, he initiated the
situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director
of the digital forensics and incident response research and education
program at SANS (computer-forensics.sans.org).

Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He leads SANS' efforts to raise the bar in
cybersecurity education around the world.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Gal Shpantzer is a trusted advisor to CSOs of large corporations,
technology startups, Ivy League universities and non-profits
specializing in critical infrastructure protection. Gal created the
Security Outliers project in 2009, focusing on the role of culture in
risk management outcomes and contributes to the Infosec Burnout project.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
